Configuring Backend Pools in Azure Application Gateway
Backend pools are fundamental to how Azure Application Gateway directs traffic. They define the collection of backend resources that will receive traffic routed by the gateway. This document provides a comprehensive guide on understanding and configuring backend pools.
What is a Backend Pool?
A backend pool is a logical grouping of backend servers. Application Gateway uses backend pools to determine which servers should receive incoming requests for a specific listener and rule. You can configure backend pools to include virtual machines, virtual machine scale sets, app services, or even external IP addresses.
Types of Backend Targets
Application Gateway supports several types of backend targets:
- IP Address or FQDN: You can specify individual IP addresses (private or public) or fully qualified domain names (FQDNs) of your backend servers.
- Virtual Machine Scale Sets (VMSS): You can point a backend pool directly to a VMSS. Application Gateway automatically discovers and manages the instances within the VMSS.
- App Service: For applications hosted on Azure App Service, you can select the App Service from a dropdown. Application Gateway will handle the necessary integrations.
- App Service Environment (ASE): Similar to App Service, you can also target applications deployed within an ASE.
Creating a Backend Pool
You can create backend pools through the Azure portal, Azure CLI, or PowerShell.
Using the Azure Portal:
- Navigate to your Application Gateway resource in the Azure portal.
- In the left-hand menu, under "Settings," select "Backend pools."
- Click "+ Add" to create a new backend pool.
- Provide a descriptive name for the backend pool.
- Select the "Backend targets" type (IP address/FQDN, VMSS, etc.).
- Add the IP addresses, FQDNs, or select the VMSS/App Service instances you want to include.
- Configure the "HTTP settings" for this backend pool. This includes protocol, port, and cookie-based affinity.
- Click "Add" to save the backend pool.
Note: When using IP addresses, ensure they are reachable from the Application Gateway's subnet. For FQDNs, ensure the DNS resolution works correctly within your VNet.
Configuring Backend HTTP Settings
When you add a backend pool, you also need to configure its associated HTTP settings. These settings determine how Application Gateway communicates with the backend servers. Key settings include:
- Protocol: HTTP or HTTPS.
- Port: The port your backend servers are listening on (e.g., 80 for HTTP, 443 for HTTPS).
- Cookie-based Affinity: Enables sticky sessions, ensuring a client is always directed to the same backend server for the duration of a session.
- Connection Draining: Gracefully removes backend servers from service by completing in-flight requests before taking them offline.
- Override: Allows you to override the hostname in the HTTP request sent to the backend server.
- Use well-known CA certificates: When using HTTPS, this allows Application Gateway to trust certificates issued by well-known Certificate Authorities.
- Custom Probe: You can associate a custom health probe with the backend pool to monitor the health of your backend servers.
Health Probes and Backend Pools
Application Gateway uses health probes to determine the health of backend servers within a pool. If a server is unhealthy, Application Gateway will stop sending traffic to it until it becomes healthy again. It's crucial to configure health probes that accurately reflect the health of your application.
Tip: For applications using HTTPS, ensure that the backend HTTP settings are configured correctly to trust the backend server's SSL certificate, or configure a custom probe that checks the SSL certificate validity.
Backend Pool Management Best Practices
- Descriptive Naming: Use clear and descriptive names for your backend pools to easily identify their purpose.
- Logical Grouping: Group related backend servers together in a pool.
- Regular Review: Periodically review your backend pools and their associated targets to ensure they are up-to-date.
- Health Monitoring: Configure appropriate health probes and monitor their status to ensure service availability.
- Security: For HTTPS communication, properly configure SSL certificates and trust settings.
Important: When targeting IP addresses or FQDNs that are within your virtual network, ensure that Network Security Groups (NSGs) and firewalls allow traffic from the Application Gateway's subnet to your backend servers on the specified ports.
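One way to carry out the regular review, health monitoring and security checks listed above, as an added example that is not part of the original documentation: the script audits a gateway definition shaped like the JSON returned by `az network application-gateway show`. The sample data, the probe ID placeholder and the finding texts are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (not a real deployment), using the field names of the
# Application Gateway resource JSON.
SAMPLE_GATEWAY = {
    "backendAddressPools": [
        {"name": "pool-web", "backendAddresses": [
            {"ipAddress": "10.0.2.4"}, {"fqdn": "app.internal.example"}]},
        {"name": "pool-legacy", "backendAddresses": [{"ipAddress": "203.0.113.10"}]},
        {"name": "pool-empty", "backendAddresses": []},
    ],
    "backendHttpSettingsCollection": [
        {"name": "https-443", "protocol": "Https", "port": 443,
         "probe": {"id": "<probe-resource-id>"}},
        {"name": "http-80", "protocol": "Http", "port": 80, "probe": None},
    ],
}

def audit_gateway(gw):
    """Return (object name, finding) tuples for settings worth reviewing."""
    findings = []
    for pool in gw.get("backendAddressPools", []):
        addrs = pool.get("backendAddresses") or []
        # VMSS/NIC members are listed under backendIPConfigurations instead.
        if not addrs and not pool.get("backendIPConfigurations"):
            findings.append((pool["name"], "pool has no targets"))
        for target in addrs:
            ip = target.get("ipAddress")
            if ip and not any(ipaddress.ip_address(ip) in net for net in RFC1918):
                findings.append((pool["name"], f"target {ip} is outside RFC 1918 space"))
    for setting in gw.get("backendHttpSettingsCollection", []):
        if (setting.get("protocol") or "").lower() != "https":
            findings.append((setting["name"], "gateway-to-backend traffic uses plain HTTP"))
        if not setting.get("probe"):
            findings.append((setting["name"], "no custom health probe attached"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_gateway(SAMPLE_GATEWAY):
        print(f"{name}: {finding}")
```

To audit a real gateway, save the command's JSON output to a file, load it with `json.load`, and pass the resulting dict to `audit_gateway`.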
By effectively configuring backend pools, you can ensure that your applications are highly available, scalable, and performant.